David Miller (), lub luag haujlwm rau lub kernel network subsystem Linux, mus rau net-tom ntej ceg nrog rau kev siv ntawm VPN interface los ntawm qhov project Thaum pib xyoo tom ntej, cov kev hloov pauv uas tau sib sau ua ke hauv ceg net-next yuav tsim lub hauv paus ntawm kev tso tawm tseem ceeb. Linux 5.6.
Kev sim txhawb nqa cov lej WireGuard Hauv lub kernel tseem ceeb, kev siv zog tau ua tiav ob peb xyoos dhau los, tab sis lawv tseem tsis tau ua tiav vim lawv vam khom rau kev siv cov haujlwm cryptographic uas tau siv los txhim kho kev ua tau zoo. Thaum pib, cov haujlwm no tau rau cov kernel raws li qib qis Zinc API ntxiv, uas tuaj yeem hloov pauv tus qauv Crypto API.
Tom qab kev sib tham ntawm lub rooj sib tham Kernel Recipes, cov neeg tsim khoom WireGuard thaum lub Cuaj Hlis hloov koj cov patches kom siv Crypto API uas twb muaj lawm hauv lub hauv paus, uas cov neeg tsim khoom muaj kev nkag mus rau WireGuard Muaj cov lus tsis txaus siab txog kev ua tau zoo thiab kev ruaj ntseg tag nrho. Nws tau txiav txim siab txuas ntxiv tsim Zinc API, tab sis ua ib qhov project sib cais.
Thaum lub Kaum Ib Hlis, cov neeg tsim tawm kernel nyob rau hauv teb rau ib tug kev sib haum xeeb thiab pom zoo kom hloov ib feem ntawm cov cai los ntawm Zinc mus rau lub ntsiab kernel. Qhov tseem ceeb, qee qhov Zinc Cheebtsam yuav raug hloov mus rau hauv cov tub ntxhais, tab sis tsis yog API cais, tab sis yog ib feem ntawm Crypto API subsystem. Piv txwv li, lub Crypto API twb npaj rau hauv WireGuard Kev siv cov algorithms ChaCha20 thiab Poly1305 sai.
Nyob rau hauv kev sib txuas nrog kev xa khoom tom ntej WireGuard nyob rau hauv pab pawg tseem ceeb, tus tsim ntawm qhov project txog kev hloov kho qhov chaw cia khoom. Txhawm rau kom yooj yim rau kev txhim kho, qhov chaw cia khoom monolithic tau hloov los ntawmWireGuard.git", uas tau tsim los kom muaj nyob sib cais, yuav tau txais peb lub chaw khaws cia sib cais uas zoo dua rau kev teeb tsa haujlwm nrog cov lej hauv lub hauv paus tseem ceeb:
- — tag nrho cov kernel ntoo nrog cov kev hloov pauv los ntawm qhov project Wireguard, cov kho uas yuav raug tshuaj xyuas kom suav nrog hauv lub hauv paus thiab tsis tu ncua tsiv mus rau cov ceg hauv net/net-next.
- - lub chaw khaws cia rau cov khoom siv hluav taws xob thiab cov ntawv sau ua haujlwm hauv qhov chaw siv, xws li wg thiab wg-ceev. Lub repository tuaj yeem siv los tsim cov pob khoom rau kev faib khoom.
- — ib lub chaw cia khoom nrog ib qho version ntawm lub module, xa tawm cais ntawm lub kernel thiab suav nrog ib txheej compat.h kom ntseeg tau tias sib xws nrog cov kernels qub. Kev txhim kho thawj zaug yuav tshwm sim hauv lub chaw cia khoom. wireguard-linux.git, tab sis tsuav yog muaj qhov ua tau thiab qhov xav tau los ntawm cov neeg siv, ib qho version sib cais ntawm cov patches kuj tseem yuav raug txhawb nqa hauv daim ntawv ua haujlwm.
Cia peb nco ntsoov koj tias VPN WireGuard Siv cov txheej txheem encryption niaj hnub no, nws muab kev ua haujlwm siab heev, yooj yim siv, tsis muaj teeb meem, thiab tau ua pov thawj nws tus kheej hauv ntau qhov kev xa tawm loj uas tuav cov tsheb khiav ntau. Qhov project tau tsim kho txij li xyoo 2015 thiab tau raug tshuaj xyuas thiab siv cov txheej txheem encryption. Kev txhawb nqa WireGuard Nws twb tau koom ua ke rau hauv NetworkManager thiab systemd, thiab cov kernel patches suav nrog hauv cov kev faib tawm hauv paus. , Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, и .
В WireGuard Lub tswv yim ntawm kev siv cov yuam sij encryption routing yog siv, uas cuam tshuam nrog kev khi tus yuam sij ntiag tug rau txhua lub network interface thiab siv nws rau kev khi tus yuam sij pej xeem. Cov yuam sij pej xeem raug pauv los tsim kom muaj kev sib txuas zoo ib yam li SSH. Txhawm rau sib tham cov yuam sij thiab tsim kom muaj kev sib txuas yam tsis tau khiav ib lub daemon sib cais hauv qhov chaw neeg siv, Noise_IK mechanism los ntawm zoo ib yam li kev tswj hwm authorized_keys hauv SSH. Kev xa cov ntaub ntawv yog ua los ntawm encapsulation hauv UDP pob ntawv. Nws txhawb kev hloov pauv tus IP chaw nyob ntawm VPN server (roaming) yam tsis muaj kev cuam tshuam kev sib txuas thiab cia li hloov kho tus neeg siv khoom.
Rau encryption kwj cipher thiab lus authentication algorithm (MAC) , tsim los ntawm Daniel Bernstein (), Tanya Lange
(Tanja Lange) thiab Peter Schwabe. ChaCha20 thiab Poly1305 yog positioned raws li sai thiab muaj kev ruaj ntseg analogues ntawm AES-256-CTR thiab HMAC, qhov kev siv software uas tso cai rau ua tiav lub sijhawm ua tiav yam tsis muaj kev siv tshwj xeeb kho vajtse. Txhawm rau tsim kom muaj tus yuam sij zais cia, elliptic nkhaus Diffie-Hellman raws tu qauv yog siv rau hauv kev siv , kuj tau thov los ntawm Daniel Bernstein. Lub algorithm siv rau hashing yog .
ntawm tsim ntau WireGuard tau pom tias muaj 3.9 npaug ntawm kev ua haujlwm ntau dua thiab 3.8 npaug ntawm kev teb sai dua piv rau OpenVPN (256-ntsis AES nrog HMAC-SHA2-256). Piv rau IPsec (256-ntsis ChaCha20 + Poly1305 thiab AES-256-GCM-128) hauv WireGuard Muaj qhov zoo me ntsis ntawm kev ua tau zoo (13-18%) thiab qhov txo qis ntawm latency (21-23%). Cov kev sim tau ua tiav los ntawm kev siv qhov project tus kheej cov kev siv ceev ceev ntawm cov algorithms encryption; hloov mus rau lub hauv paus Crypto API tej zaum yuav ua rau kev ua tau zoo poob qis.
Tau qhov twg los: opennet.ru
